Penetration Testing Archives:

My initial post about this advanced XSS detection and exploitation suite was almost an year ago! Three days ago, an update - XSStrike 3.1.2 was released. This is a post that documents these changes. What is XSStrike? XSStrike is a Cross Site Scripting detection suite equipped with four hand written parsers, an intelligent payload generator, a powerful fuzzing engine Read more about UPDATE: XSStrike 3.1.2

I'm sure you must have read my previous post title the List of Adversary Emulation Tools. In that post, I briefly mentioned about the Guardicore Infection Monkey. Good news now is that it has been updated! We now have Infection Monkey 1.6.1. An important change about this version is that this is an AWS only version. Read more about UPDATE: Infection Monkey 1.6.1

RouterSploit 3.4.0, the long awaited router exploitation framework update is out guys! This release includes some really cool features and updates such as using pycryptodome from pycryptoand newer exploitation modules! Read on for the improvements. What is RouterSploit? The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices. It Read more about UPDATED VERSION: RouterSploit 3.4.0

Consider you have a shell on a system and other post-exploitation do not work for you as they are being caught by a security solution on the system. Worry not as we now have iBombShell, a dynamic remote shell that can be run on any system that supports PowerShell. The reason this is called dynamic is because functions can be dynamically added and loaded as per your requirement. Read more about iBombShell: A Dynamic Post-Exploitation Remote Shell

If you liked my older post titled "List of Adversary Emulation Tools", I am sure you must want to know what is the difference or comparison between the different tools. This post is an attempt to do just that -to list down the comparison of open source adversary emulation tools. I have compared their capabilities against the 11 tactics mentioned in the MITRE ATT&CK Read more about Comparison of Open Source Adversary Emulation Tools

Featured Post

Three days ago, an updated version – Sysdig Falco v0.15.0 – was released. It has been some time since I last blogged about this open source behavorial activity monitor which has container support. This release incorporates a lot of rule updates that are now also tagged the for MITRE ATT&CK Framework and patches CVE-2019-8339, a medium severity vulnerability.Read more about UPDATE: Sysdig Falco v0.15.0